Thursday, July 9, 2015

S 1705 Introduced – FY 2016 Intel Spending

Yesterday Sen. Burr (R,NC) introduced S 1705, the Intelligence Authorization Act for Fiscal Year 2016. This is the Senate version of the language that will likely be substituted in that body for the language for HR 2596 that was recently adopted in the House. There is only one item in the unclassified language of this bill that comes close to addressing cybersecurity issues.

Section 603 of the bill would require electronic service providers or remote computing service providers that obtain “actual knowledge of any terrorist activity” {§603(a)} including information about apparent violations of 18 USC 842(p). That section of the criminal code makes it a crime to distribute information relating to explosives, destructive devices, and weapons of mass destruction in “in furtherance of, an activity that constitutes a Federal crime of violence” {§842(p)(2)(A)}.

An effort was made to ease any privacy concerns that could arise out of this new reporting requirement by stating that nothing in the new reporting requirement could be construed as a mandate for a covered provider to {§603(d)}:

Monitor any user, subscriber, or customer of that provider; or
Monitor the content of any communication of any person.

Moving Forward

It is not clear that the Senate Democrat’s opposition to the FY 2016 spending bills in general (due to spending cap limits) would apply to this bill. While the House vote on HR 2596 was not exactly resoundingly bipartisan (247 to 148) there were a number of Democrats (31) that did vote for the bill. Consideration of the bill could be blocked by an odd coalition of conservative Republicans and liberal Democrats.

On the other hand, this bill does not contain the language expanding the scope of the Cyber Threat Intelligence Integration Center to which the President objected. That may be enough to get this bill to the floor where it will certainly be passed after a lengthy amendment process.

Commentary

Even with the minimal limitations found in paragraph (d) the privacy folks will certainly take objection to the §603 requirements. Making internet providers (and that is clearly who are being addressed here) the arbiters of whether or not a communication meets the legal requirement of intent “to use the teaching, demonstration, or information for, or in furtherance of, an activity that constitutes a Federal crime of violence” {§842(p)(2)(B)}.would certainly raise concern in my mind.

For example there have been a number of occasions where I have discussed the use of industrial chemicals as destructive devices or weapons of mass destruction. And I have been criticized in a couple of instances for ‘making this information available to terrorists’. Would my discussions be required to be reported if they came to the attention of my internet provider? I’m not really too worried in my case because of the number of government readers that I have, if I ever really step over the line, it will be noted pretty quickly. But how about readers that share knowledge of newly discovered techniques with me by email?


No, I expect that this provision will see some amendments made to it if this bill ever gets to the floor of the Senate.

No comments:

 
/* Use this with templates/template-twocol.html */